Abstract: | 數位簽章具有鑑定(Authentication)和不可否認(Non-repudiation)的特性。密鑰丟失(Key exposure problem),這些特性不但會消失,連過去簽署過的簽章也都會失效。前向式安全(Forward security)可以減輕密鑰丟失所帶來的問題。因此,本論文分成兩個部份:首先,針對具有前向式安全的數位簽章系統之發展及相關延伸系統作介紹與整理。第二部份,提出兩個前向式安全盲簽章系統。 目前有許多方法來減輕密鑰丟失所帶來的問題,我們將它們分成以下四類來介紹:前向式安全(Forward security)、應用在配對的前向式安全(Pairing-based forward security)、隔絕密鑰式安全(Key-insulated security)以及耐入侵式安全(Intrusion-resilient security)。(1)前向式安全:著在描述所有系統的架構、重要的想法、目的和安全性分析。(2) 應用在配對的前向式安全:主要描述系統達到前向式安全的結構。(3) 隔絕密鑰式安全和(4) 耐入侵式安全:這兩類著重在描述其目的以及定義。最後,介紹前向式安全、隔絕密鑰式安全和耐入侵式安全這三者彼此間的關係及前向式安全與其他特性簽章系統(例如:門檻值簽章(Threshold signature)、群體式簽章(Group signature)…等)做結合。 盲簽章系統被廣泛的使用在一些財金上的應用,其目的是為了保護使用者的匿名性並提供不可偽造的安性。而前向式安全可以保護在密鑰丟失前的簽章合法性。我們認為針對E-cash 這個應用,盲簽章系統直接關係到金錢,因此盲簽章具有前向式安全是重要而且必須。萬一簽章者的密鑰丟失,過去所有的簽章都會因而不被信任,這對E-cash 中的三個角色(Bank、User and Merchant)都會造成損失。因此,我們在本論文中提出了以Fiat-Shamir 和Ong-Schnorr 盲簽章系統為基礎的兩個基於質因數分解難題的前向式安全盲簽章系統。同時,我們利用亂數神諭模組(Random oracle model)證明所提出的兩個前向式安全盲簽章系統具有前向式安全和匿名的特性。 In this thesis, we focus on the topic of signature schemes with the forward security. Firstly, a survey of some signature schemes which are devoted to solving the key exposure problem is presented. Secondly, the proposed schemes, forward-secure blind signature schemes are introduced. There are some ways to solve the key exposure problem. We classify them into four parts. They are the forward security, the pairing-based forward security, the key-insulted security, and the intrusion-resilient security. In the class of the forward security, we put more attention on describing all the evolution, each important key idea, new scheme, and security analysis. At the same time, some well design charts are used to help the readers to catch the whole development. In the class of the pairing-based forward security, we put attention on the structure which are used to achieve the forward security rather than describe each scheme in detail. In the class of the key-insulated security and the intrusion-resilient security, we focus on their purposes and the de?nitions. Finally, the relationships between the forward security, the key-insulted security, and the intrusion-resilient security and forward-secure signature schemes with special properties are presented. The Blind signature which provides the properties of anonymity and unforgeability is employed in many large scale social activities and ?nancial applications. If signer's secret key is compromised, the signature signed before will not be believed again. So, this kind of system will suffer a great loss. Forward-secure property is a security notion to preserve that a compromised current secret key does not help an adversary to forge any signature in some past time period. Therefore, the blind signature with the forward security becomes evidently important and necessary. In this thesis, we present two forward-secure blind signature schemes, which are based on Fiat-Shamir and Ong-Schnorr blind signatures, respectively. We give the proofs of the two forward-secure blind signature schemes with the blindness and forward security. |